public function vote(TokenInterface $token, $object, array $attributes)
{
/** @var User $user */
$user = $token->getUser();
if (!is_object($object) || !$this->supportsClass(get_class($object))) {
return VoterInterface::ACCESS_ABSTAIN;
}
$userPermissions = $this->accessControlManager->getUserPermissions($object, $user);
// only if all attributes are granted the access is granted
foreach ($attributes as $attribute) {
if (isset($userPermissions[$attribute]) && !$userPermissions[$attribute]) {
return VoterInterface::ACCESS_DENIED;
}
}
return VoterInterface::ACCESS_GRANTED;
}
public function testNegativeVoteWithMultipleAttributes() { $securityCondition = new SecurityCondition('sulu.security.roles', null); $this->accessControlManager->getUserPermissions($securityCondition, $this->user)->willReturn(['view' => true, 'add' => true, 'security' => false]); $access = $this->voter->vote($this->token->reveal(), $securityCondition, ['view', 'security']); $this->assertSame(VoterInterface::ACCESS_DENIED, $access); }